<?php
  
include "../../config.php";
  include 
"./flag.php";
  if(
$_GET['view_source']) view_source();
?><html>
<head>
<title>Challenge 57</title>
</head>
<body>
<?php
  $db 
dbconnect();
  if(
$_GET['msg'] && isset($_GET['se'])){
    
$_GET['msg'] = addslashes($_GET['msg']);
    
$_GET['se'] = addslashes($_GET['se']);
    if(
preg_match("/select|and|or|not|&|\||benchmark/i",$_GET['se'])) exit("Access Denied");
    
mysqli_query($db,"insert into chall57(id,msg,pw,op) values('{$_SESSION['id']}','{$_GET['msg']}','{$flag}',{$_GET['se']})");
    echo 
"Done<br><br>";
    if(
rand(0,100) == 1mysqli_query($db,"delete from chall57");
  }
?>
<form method=get action=index.php>
<table border=0>
<tr><td>message</td><td><input name=msg size=50 maxlength=50></td></tr>
<tr><td>secret</td><td><input type=radio name=se value=1 checked>yes<br><br><input type=radio name=se value=0>no</td></tr>
<tr><td colspan=2 align=center><input type=submit></td></tr>
</table>
</form>
<br><br><a href=./?view_source=1>view-source</a>
</body>
</html>